Date:      Wed, 4 Jun 2003 22:44:53 -0700 (PDT)
From:      Brian O'Shea <b_oshea@yahoo.com>
To:        freebsd-hackers@freebsd.org
Subject:   0xdeadc0de panic after plugging in USB CompactFlash reader/writer on 5.0-RELEASE
Message-ID:  <20030605054453.22192.qmail@web10507.mail.yahoo.com>


[-- Attachment #1 --]
System panics after PQI Travel Flash (USB Compact Flash reader/writer mass
storage device) is plugged in.

This is 5.0-RELEASE on i386.

I built a debug kernel to get a better crash dump and reproduced the problem:

makeoptions DEBUG=-g        #Build kernel with gdb(1) debug symbols

# Kernel debugging options
options     DDB                 # Kernel debugger
options     INVARIANTS          # Extra sanity checks on kernel structures
options     INVARIANT_SUPPORT   # Support for INVARIANTS (required)

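Unfortunately I couldn't do much with the kernel debugger so I disabled it,
reproduced the problem again and got a crash dump (some more information
attached).  In the gdb session, every field of the g_provider that the event
points to reads 0xdeadc0de, which is the pattern the kernel fills freed memory
with when INVARIANTS is on, so it looks like g_do_event is using a provider
that was already freed.  The bremfree panic in the dump header came afterwards,
while syncing disks.  Is this useful to anyone?  I can provide more information
on request.  I'll keep the crash dump around for a while.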

-brian


[-- Attachment #2 --]
Good dump found on device /dev/ad0s1b
  Architecture: i386
  Architecture version: 1
  Dump length: 536805376B (511 MB)
  Blocksize: 512
  Dumptime: Sun Jun  1 00:25:26 2003
  Hostname: apsara
  Versionstring: FreeBSD 5.0-RELEASE #0: Sat May 31 23:53:25 PDT 2003
    root@apsara:/usr/src/sys/i386/compile/APSARA_DBG
  Panicstring: bremfree: bp 0xce5e1d48 not locked
  Bounds: 1

[-- Attachment #3 --]
[20:10 apsara:/var/crash]# gdb -k kernel.debug.1 vmcore.1
GNU gdb 5.2.1 (FreeBSD)
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-undermydesk-freebsd"...
panic: bremfree: bp 0xce5e1d48 not locked
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address	= 0xdeadc0de
fault code		= supervisor read, page not present
instruction pointer	= 0x8:0xc028c05e
stack pointer	        = 0x10:0xd68d4c8c
frame pointer	        = 0x10:0xd68d4c90
code segment		= base 0x0, limit 0xfffff, type 0x1b
			= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 2 (g_event)
trap number		= 12
panic: page fault

syncing disks, buffers remaining... panic: bremfree: bp 0xce5e1d48 not locked
Uptime: 3m32s
Dumping 511 MB
ata0: resetting devices ..
done
 16 32 48 64 80 96 112 128 144 160 176 192 208 224 240 256 272 288 304 320 336 352 368 384 400 416 432 448 464 480 496
---
#0  doadump () at ../../../kern/kern_shutdown.c:232
232		dumping++;
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:232
#1  0xc022df6a in boot (howto=260) at ../../../kern/kern_shutdown.c:364
#2  0xc022e1b3 in panic () at ../../../kern/kern_shutdown.c:517
#3  0xc026e447 in bremfree (bp=0xce5e1d48) at ../../../kern/vfs_bio.c:632
#4  0xc026ff78 in vfs_bio_awrite (bp=0xce5e1d48) at ../../../kern/vfs_bio.c:1633
#5  0xc01f7387 in spec_fsync (ap=0xd68d4ab0) at ../../../fs/specfs/spec_vnops.c:462
#6  0xc01f6828 in spec_vnoperate (ap=0x0) at ../../../fs/specfs/spec_vnops.c:126
#7  0xc032585d in ffs_sync (mp=0xc41d9c00, waitfor=2, cred=0xc150ae80, td=0xc0400760) at vnode_if.h:612
#8  0xc02822cb in sync (td=0xc0400760, uap=0x0) at ../../../kern/vfs_syscalls.c:138
#9  0xc022dbbc in boot (howto=256) at ../../../kern/kern_shutdown.c:273
#10 0xc022e1b3 in panic () at ../../../kern/kern_shutdown.c:517
#11 0xc037d9f2 in trap_fatal (frame=0xd68d4c4c, eva=0) at ../../../i386/i386/trap.c:844
#12 0xc037d6d2 in trap_pfault (frame=0xd68d4c4c, usermode=0, eva=3735929054) at ../../../i386/i386/trap.c:758
#13 0xc037d24d in trap (frame=
      {tf_fs = -1069875176, tf_es = 16, tf_ds = -695402480, tf_edi = 0, tf_esi = -1051597936, tf_ebp = -695382896, tf_isp = -695382920, tf_ebx = 0, tf_edx = -559038242, tf_ecx = -1069850576, tf_eax = 103, tf_trapno = 12, tf_err = 0, tf_eip = -1071071138, tf_cs = 8, tf_eflags = 66198, tf_esp = 0, tf_ss = -695382840}) at ../../../i386/i386/trap.c:445
#14 0xc036de88 in calltrap () at {standard input}:98
#15 0xc01fb081 in g_do_event (ep=0xc4555ac0) at ../../../geom/geom_event.c:185
#16 0xc01fb3c6 in one_event () at ../../../geom/geom_event.c:255
#17 0xc01fb435 in g_run_events () at ../../../geom/geom_event.c:268
#18 0xc01fc255 in g_event_procbody () at ../../../geom/geom_kern.c:140
#19 0xc021a954 in fork_exit (callout=0xc01fc210 <g_event_procbody>, arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:872
(kgdb) frame 15
#15 0xc01fb081 in g_do_event (ep=0xc4555ac0) at ../../../geom/geom_event.c:185
185				if (!strcmp(ep->provider->name, "geom.ctl") &&
(kgdb) list
180			g_trace(G_T_TOPOLOGY, "EV_NEW_PROVIDER(%s)",
181			    ep->provider->name);
182			LIST_FOREACH(mp, &g_classes, class) {
183				if (mp->taste == NULL)
184					continue;
185				if (!strcmp(ep->provider->name, "geom.ctl") &&
186				    strcmp(mp->name, "DEV"))
187					continue;
188				i = 1;
189				LIST_FOREACH(cp, &ep->provider->consumers, consumers)
(kgdb) set print pretty
(kgdb) p ep
$1 = (struct g_event *) 0xc4555ac0
(kgdb) p *ep
$2 = {
  event = EV_NEW_PROVIDER, 
  events = {
    tqe_next = 0x0, 
    tqe_prev = 0xc03fef8c
  }, 
  class = 0x0, 
  geom = 0x0, 
  provider = 0xc41fbd80, 
  consumer = 0x0, 
  arg = 0x0, 
  func = 0
}
(kgdb) p *ep->provider
$3 = {
  protect = 3735929054, 
can not access 0xdeadc0de, invalid address (deadc0de)
can not access 0xdeadc0de, invalid address (deadc0de)
can not access 0xdeadc0de, invalid address (deadc0de)
can not access 0xdeadc0de, invalid address (deadc0de)
can not access 0xdeadc0de, invalid address (deadc0de)
can not access 0xdeadc0de, invalid address (deadc0de)
  name = 0xdeadc0de <Address 0xdeadc0de out of bounds>, 
  provider = {
    le_next = 0xdeadc0de, 
    le_prev = 0xdeadc0de
  }, 
  geom = 0xdeadc0de, 
  consumers = {
    lh_first = 0xdeadc0de
  }, 
  acr = -559038242, 
  acw = -559038242, 
  ace = -559038242, 
  error = -559038242, 
  event = 0xdeadc0de, 
  orphan = {
    tqe_next = 0xdeadc0de, 
    tqe_prev = 0xdeadc0de
  }, 
  index = 3735929054, 
  mediasize = -2401050962867404578, 
  sectorsize = 3735929054
}
(kgdb) ptype ep->provider
type = struct g_provider {
    u_int protect;
    char *name;
    struct {
        struct g_provider *le_next;
        struct g_provider **le_prev;
    } provider;
    struct g_geom *geom;
    struct {
        struct g_consumer *lh_first;
    } consumers;
    int acr;
    int acw;
    int ace;
    int error;
    struct g_event *event;
    struct {
        struct g_provider *tqe_next;
        struct g_provider **tqe_prev;
    } orphan;
    u_int index;
    off_t mediasize;
    u_int sectorsize;
} *
(kgdb) bt
#0  doadump () at ../../../kern/kern_shutdown.c:232
#1  0xc022df6a in boot (howto=260) at ../../../kern/kern_shutdown.c:364
#2  0xc022e1b3 in panic () at ../../../kern/kern_shutdown.c:517
#3  0xc026e447 in bremfree (bp=0xce5e1d48) at ../../../kern/vfs_bio.c:632
#4  0xc026ff78 in vfs_bio_awrite (bp=0xce5e1d48) at ../../../kern/vfs_bio.c:1633
#5  0xc01f7387 in spec_fsync (ap=0xd68d4ab0) at ../../../fs/specfs/spec_vnops.c:462
#6  0xc01f6828 in spec_vnoperate (ap=0x0) at ../../../fs/specfs/spec_vnops.c:126
#7  0xc032585d in ffs_sync (mp=0xc41d9c00, waitfor=2, cred=0xc150ae80, td=0xc0400760) at vnode_if.h:612
#8  0xc02822cb in sync (td=0xc0400760, uap=0x0) at ../../../kern/vfs_syscalls.c:138
#9  0xc022dbbc in boot (howto=256) at ../../../kern/kern_shutdown.c:273
#10 0xc022e1b3 in panic () at ../../../kern/kern_shutdown.c:517
#11 0xc037d9f2 in trap_fatal (frame=0xd68d4c4c, eva=0) at ../../../i386/i386/trap.c:844
#12 0xc037d6d2 in trap_pfault (frame=0xd68d4c4c, usermode=0, eva=3735929054) at ../../../i386/i386/trap.c:758
#13 0xc037d24d in trap (frame=
      {tf_fs = -1069875176, tf_es = 16, tf_ds = -695402480, tf_edi = 0, tf_esi = -1051597936, tf_ebp = -695382896, tf_isp = -695382920, tf_ebx = 0, tf_edx = -559038242, tf_ecx = -1069850576, tf_eax = 103, tf_trapno = 12, tf_err = 0, tf_eip = -1071071138, tf_cs = 8, tf_eflags = 66198, tf_esp = 0, tf_ss = -695382840}) at ../../../i386/i386/trap.c:445
#14 0xc036de88 in calltrap () at {standard input}:98
#15 0xc01fb081 in g_do_event (ep=0xc4555ac0) at ../../../geom/geom_event.c:185
#16 0xc01fb3c6 in one_event () at ../../../geom/geom_event.c:255
#17 0xc01fb435 in g_run_events () at ../../../geom/geom_event.c:268
#18 0xc01fc255 in g_event_procbody () at ../../../geom/geom_kern.c:140
#19 0xc021a954 in fork_exit (callout=0xc01fc210 <g_event_procbody>, arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:872
(kgdb) frame 16
#16 0xc01fb3c6 in one_event () at ../../../geom/geom_event.c:255
255		g_do_event(ep);
(kgdb) list
250			ep->geom->event = NULL;
251		if (ep->provider != NULL)
252			ep->provider->event = NULL;
253		if (ep->consumer != NULL)
254			ep->consumer->event = NULL;
255		g_do_event(ep);
256		g_destroy_event(ep);
257		g_pending_events--;
258		if (g_pending_events == 0)
259			wakeup(&g_pending_events);
